Feeds.4Sysops
GodDamn Ransomware Exploits Microsoft-Signed Driver to Evade Security
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The GodDamn ransomware, a rebranding of previous strains, is being deployed by the Hyadina group to target U.S. organizations across various sectors. This ransomware utilizes a malicious kernel driver, PoisonX, which was improperly signed by Microsoft, to disable endpoint security tools. Initial access is gained through legitimate remote desktop software like AnyDesk, followed by the deployment of a credential-harvesting toolkit that includes multiple NirSoft utilities. The toolkit is designed to extract sensitive information such as browser histories and Wi-Fi profiles. The attacks have been observed in sectors including healthcare and manufacturing. Researchers emphasize the importance of behavioral protection to counter such sophisticated evasion techniques. The use of a Microsoft-signed driver raises significant concerns about the integrity of software signing processes. The attack methodology highlights the risks associated with dual-use tools in the hands of cybercriminals.
Key Points: • GodDamn ransomware targets U.S. organizations using a Microsoft-signed malicious driver. • Initial access is achieved via remote desktop tools like AnyDesk. • The attack employs a toolkit of NirSoft utilities for credential harvesting.